Agent Identity and Governance in Microsoft 365
- Bjørnar

- 7 days ago

Note that Agent ID is currently only available for frontier organizations (Secure agent access with Microsoft Entra | Microsoft Security). It is still somewhat unclear when it will reach GA.
(Microsoft is, as usual, following the SOR framework… Sooner Or Later.. 🕑)
Governance building blocks
Conditional Access for Workload Identities – applying targeted CA policies directly to agent identities, for example with location/IP requirements, risk, and authentication context.
Here, Microsoft has introduced a policy template that blocks high‑risk agents.
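One way to check whether a block on high-risk workload identities is actually enforced tenant-wide, rather than left in report-only mode or scoped to a pilot, as an added example (not code from this post or from Microsoft). It assumes policies exported in the Microsoft Graph conditionalAccessPolicy shape and reads the workload-identity (service principal) fields; the policy names and sample data are constructed, and whether preview agent identities use these same fields is an assumption.

```python
import json

ALL_SPS = "ServicePrincipalsInMyTenant"  # Graph keyword: every service principal in the tenant

# Constructed sample, shaped like an export of Graph /identity/conditionalAccess/policies
SAMPLE = json.loads("""[
 {"displayName": "Block high-risk agents (template)", "state": "enabledForReportingButNotEnforced",
  "conditions": {"clientApplications": {"includeServicePrincipals": ["ServicePrincipalsInMyTenant"]},
                 "servicePrincipalRiskLevels": ["high"]},
  "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "Agents: block outside trusted IPs", "state": "enabled",
  "conditions": {"clientApplications": {"includeServicePrincipals": ["ServicePrincipalsInMyTenant"]},
                 "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
  "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "Block high-risk agents (pilot)", "state": "enabled",
  "conditions": {"clientApplications": {"includeServicePrincipals": ["11111111-1111-1111-1111-111111111111"]},
                 "servicePrincipalRiskLevels": ["high", "medium"]},
  "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["mfa"]}}
]""")

def high_risk_block_policies(policies):
    """One finding per policy that blocks high-risk workload identities."""
    findings = []
    for p in policies:
        cond = p.get("conditions") or {}
        apps = cond.get("clientApplications") or {}
        included = apps.get("includeServicePrincipals") or []
        risk = cond.get("servicePrincipalRiskLevels") or []
        grants = (p.get("grantControls") or {}).get("builtInControls") or []
        # Skip user-scoped policies, location-only policies and non-blocking policies
        if not included or "high" not in risk or "block" not in grants:
            continue
        findings.append({
            "policy": p.get("displayName"),
            "enforced": p.get("state") == "enabled",  # report-only does not block
            "covers_all": ALL_SPS in included,
            "excluded": apps.get("excludeServicePrincipals") or [],
        })
    return findings

def tenant_wide_block_enforced(policies):
    """True only if an enabled policy blocks high risk for all service principals, no exclusions."""
    return any(f["enforced"] and f["covers_all"] and not f["excluded"]
               for f in high_risk_block_policies(policies))
```

On the constructed sample the template policy is report-only and the enforced one covers a single pilot identity, so `tenant_wide_block_enforced(SAMPLE)` is `False`.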

Copilot/Agent overview in M365 Admin, the SharePoint Advanced Management (SAM) Agent Insight report, and Copilot management via the Admin Center.



Audit in Purview – logging of user and admin activity for Copilot/AI, including which resources were accessed to generate a response.

Copilot Studio governance – data policies, environment management, security checks, and audit integrations for agents you build yourself.

At the end of the day, this is like everything else we build in the Microsoft universe: it needs to be developed, governed, and owned by someone who keeps their finger on the pulse. Microsoft is steadily rolling out new features for governing and securing agents, but right now it feels a bit like a treasure hunt across portals, blades, and menu options.
That means you need to stay sharp, keep track of what appears where, and be ready to adjust when Microsoft launches something new (or moves a button you just learned how to find).
Bjørnar & AI


